
Azure Active Directory (AAD) Domain Services allows organizations to “lift-and-shift” apps that use on-premises AD for authentication to the cloud. It extends AAD to provide many of the features of on-premises Windows Server Active Directory (AD), without the effort of installing domain controllers (DCs) or setting up ExpressRoute or a VPN to connect on-premises DCs to Azure.
Domain Services extends AAD to support Kerberos, NTLM, Group Policy, domain join, LDAP bind and read, Secure LDAP, custom domain names, DNS management, and custom Organizational Units (OUs). In addition to these features, it provides high availability, account lockout protection, and management using familiar tools.
In the first part of this two-part series, I’ll show you how to set up Domain Services in Azure and configure DNS. In the second part, I’ll discuss password hash synchronization requirements and how to perform a domain join operation.
Before you can set up Domain Services in Azure, you’ll need an Azure subscription and at least one Azure Active Directory tenant. It’s also worth noting that Domain Services isn’t available in all regions. To check availability for the region you intend to work in, see Microsoft’s website here. If you’re not familiar with Azure AD, check out What is Azure Active Directory? on Petri.
Let’s get started and deploy a new Domain Services resource in Azure. Log in to Azure and follow the instructions below.
How to Configure Azure Active Directory Domain Services (Image Credit: Russell Smith)
It will take a few minutes to create the Domain Services resource. You should get a notification in the top right of the Azure management portal when the deployment has completed. If not, refresh the console in the browser.
Now we need to update the DNS configuration for the VNET so that VMs can find the new domain. If you are not automatically redirected to the Overview page for the new Domain Services resource, you’ll need to manually find it.
Any VMs that are running will need to be restarted to pick up the changes to DNS configuration.
In the second part of this series, I’ll show you how to make sure that password hashes are synchronized from AAD to Domain Services, and how to join a Windows Server Azure VM to the new domain.
Copyright ©2019 BWW Media Group